An introduction to the SSO Single sign-on solution for well-known ERP vendors

Tags: sap gui, sap netweaver, cipher suite

SSO stands for Single Sign-On. In a landscape of many applications, SSO lets a user log in once and then reach every application that trusts that login without authenticating again; a mapping mechanism ties the primary login to the same user's accounts in the other applications. The authentication system's main job is to compare the login information the user presents against the user database and authenticate the user; after a successful authentication it issues a unified authentication token (a ticket) and returns it to the user, who presents that ticket to the other applications instead of a password. SSO is one of the more popular solutions for enterprise business integration.
Enterprise Application Integration (EAI) can be carried out at different levels: "data centralization" at the data-storage level, a "common data exchange platform" at the transport level, "business process integration" at the application level, a "common enterprise portal" at the user-interface level, and so on. One further level of integration has become more and more important: the integration of identity authentication, that is, single sign-on.
In information security management, access control covers four processes: identification, authentication, authorization and accountability. Single sign-on sits on the authentication side of this model; a typical deployment combines a directory service reached over the Lightweight Directory Access Protocol (LDAP) as the user store with an authentication ticket that the participating applications trust. Authorization (what the authenticated user may do) remains the job of each application.

Let's take SAP Single Sign-On as a concrete example.

SAP Portfolio

SAP Single Sign-On provides simple, secure access to IT applications for business users. It offers advanced security capabilities to protect your company data and business applications.

Simple and secure access
• Single sign-on for native SAP clients and web applications
• Single sign-on for mobile devices
• Support for cloud and on-premise landscapes
Secure data communication
• Encryption of data communication for SAP GUI
• Digital signatures
• FIPS 140-2 certification of security functions
Advanced security capabilities
• Two-factor authentication
• Risk-based authentication using access policies
• RFID-based authentication
• Hardware security module support

Two-factor Authentication

With two-factor authentication you can implement a strong form of authentication for access to corporate resources, for example for especially critical systems or for securing access from outside the company. SAP Single Sign-On 2.0 supports two-factor authentication via time-based one-time passwords (TOTP) generated by the SAP Authenticator mobile app. Alternatively, out-of-band delivery of tokens is supported, including one-time passwords sent via SMS or email, or RSA/RADIUS.

Risk-based authentication

SAP Single Sign-On 2.0 (since SP5) offers risk-based authentication: the authentication process adapts dynamically to the context of each individual authentication request, based on custom-defined access policies. First, the context information of the authentication attempt is examined; this could be the client IP address, location, date and time, device information, or user attributes such as group memberships. Second, based on that context, a dynamic decision is made whether to accept or deny access, or alternatively to enforce two-factor authentication when the context indicates a higher risk. You could even reduce the privileges of the person accessing the backend system, thus limiting the business functionality available to that user in that session.
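To make the decision logic concrete, here is a small context-based policy evaluator in the spirit of the paragraph above. It is an added example written for this article, not SAP's access-policy engine or its configuration format; the context attributes, the network ranges, the business hours and the group names are assumptions. It shows the ordering a practitioner cares about: a hard block wins over everything, a low-risk context passes unchanged, any higher-risk signal forces a second factor, and an unknown device outside the company network additionally gets reduced privileges.

```python
"""Context-based access policy evaluation, as described for risk-based
authentication above.

Illustrative code added to this article; it is not SAP's access-policy
engine or its configuration format. The context attributes, network
ranges, business hours and group names are assumptions."""
import ipaddress
from dataclasses import dataclass, field

# Assumed policy data
CORPORATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # e.g. a known-bad range
BUSINESS_HOURS = range(7, 20)                             # 07:00 to 19:59 local time
PRIVILEGED_GROUPS = {"SAP_ALL_ADMINS", "FINANCE_APPROVERS"}


@dataclass
class AuthContext:
    """What the authentication request looks like to the policy."""
    username: str
    client_ip: str
    hour: int                      # local hour of the attempt, 0-23
    groups: set = field(default_factory=set)
    managed_device: bool = False   # device known to the company, e.g. via MDM


@dataclass(frozen=True)
class Decision:
    allowed: bool
    require_2fa: bool = False         # step-up: demand a second factor
    reduced_privileges: bool = False  # allow, but with limited business functions
    reason: str = ""


def _in_any(nets, ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def evaluate(ctx: AuthContext) -> Decision:
    """Ordered rules: a hard block wins, a low-risk context is allowed as-is,
    anything else is allowed only with a second factor, and an unknown device
    outside the company network additionally gets reduced privileges."""
    if _in_any(BLOCKED_NETS, ctx.client_ip):
        return Decision(False, reason="client network is blocked")

    inside = _in_any(CORPORATE_NETS, ctx.client_ip)
    off_hours = ctx.hour not in BUSINESS_HOURS
    privileged = bool(ctx.groups & PRIVILEGED_GROUPS)

    if inside and not off_hours and not privileged:
        return Decision(True, reason="trusted network, business hours, standard user")

    reasons = []
    if not inside:
        reasons.append("outside corporate network")
    if off_hours:
        reasons.append("outside business hours")
    if privileged:
        reasons.append("privileged group")
    return Decision(
        True,
        require_2fa=True,
        reduced_privileges=not inside and not ctx.managed_device,
        reason="; ".join(reasons),
    )


if __name__ == "__main__":
    # Constructed sample requests
    for ctx in (
        AuthContext("alice", "10.1.2.3", 10),
        AuthContext("alice", "10.1.2.3", 22),
        AuthContext("alice", "198.51.100.7", 10),
        AuthContext("bob", "10.1.2.3", 10, groups={"FINANCE_APPROVERS"}),
        AuthContext("mallory", "203.0.113.5", 10),
    ):
        print(ctx.username, ctx.client_ip, ctx.hour, "->", evaluate(ctx))
```

The rules are deliberately evaluated in a fixed order and return a structured decision rather than a bare yes/no, so that the application can enforce the step-up and the privilege reduction separately.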

RFID-based identification

For scenarios where users need quick access to a system to perform short tasks, you can use fast user identification via radio-frequency identification (RFID). The user is identified by an RFID token, such as a company badge card. RFID authentication is well suited to warehouse and production scenarios with dedicated kiosk PCs for authentication. Note that the badge is a possession factor only: whoever holds the card is identified as its owner, so the physical handling of badges matters as much as the kiosk configuration.

Digital Signatures

Digital signatures uniquely identify the signer, protect the integrity of the data, and provide the means for a binding signature that cannot be denied afterwards (non-repudiation). SAP Single Sign-On supports digital signing through the Secure Store and Forward (SSF) interface. The Secure Login Client for SAP GUI can use the user's certificates to create digital signatures in an SAP environment. Server-side digital signatures are supported by the SAP Common Cryptographic Library (CommonCryptoLib). In addition, SAP Single Sign-On includes support for server-side digital signatures via hardware security modules (HSMs), offering increased security and performance because the private key never leaves the module.

Certificate Lifecycle Management for ABAP Application Servers

SAP Single Sign-On 2.0 (since SP6) supports automated renewal of the certificates of SAP NetWeaver Application Server ABAP using the Secure Login Server. This reduces manual effort and prevents the downtime that an expired server certificate would otherwise cause.

Mobile SSO with SAP Single Sign-On

The SAP Single Sign-On solution brings simplicity for your end users by eliminating the need for multiple passwords and user IDs. In addition, it can lower the risks of insecurely handled login information, reduce help-desk calls, and help ensure the confidentiality and security of personal and company data. To meet evolving security demands, you can extend your single sign-on solution even further and offer your end users mobile single sign-on. Your mobile users then have only one password to remember, less typing of complicated user IDs and passwords, and more time for actual work.

SAP Single Sign-On 2.0 (since SP4) supports single sign-on from mobile devices, offering a simple and secure solution for mobile access to your corporate business processes. The solution is based on time-based one-time passwords (TOTP) generated by the SAP Authenticator mobile app. The app is available for both iOS and Android and implements the IETF standard RFC 6238.

Assume the user already started the SAP Authenticator app earlier the same day and now wants to start using one of the bookmarked web applications, for example the SAP Mobile Portal.

When the user taps the Mobile Portal bookmark, the SAP Authenticator generates a new passcode and creates a URL (for example https://portal_host/irj/portal?j_username=[username]&j_passcode=[passcode]) that carries the user name and the passcode needed for authentication. The SAP Authenticator hands the URL to the browser, and the browser opens the requested resource. The user sees only the authentication result when the requested resource appears. Because the passcode travels in the URL query string, where it can end up in browser history and web-server logs, the scheme relies on the passcode being a short-lived one-time value: as RFC 6238 requires, the verifier must accept each code only once and only within a narrow time window.
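The following example walks through the two TOTP-based pieces described on this page, the two-factor passcode from the authenticator app and the mobile hand-off URL above, end to end: the RFC 6238 code generation, the URL the app builds for the browser, and the server-side check. It is an added example written for this article, not SAP Authenticator or Secure Login Server code. The URL shape is the one given in the text; the shared secret (the RFC 6238 test key), the 30-second step, the six-digit code length, the plus/minus one step window and the replay cache are assumptions.

```python
"""RFC 6238 TOTP, the passcode-in-URL hand-off described above, and a
server-side check with a time window and one-time-use replay cache.

Illustrative code added to this article; it is not SAP's code. The URL
shape follows the example in the text; the secret, the 30 s step, the
+/-1 step window and the replay cache are assumptions."""
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlencode, urlparse

STEP_SECONDS = 30   # RFC 6238 default time step (assumed here)
DIGITS = 6          # code length shown by most authenticator apps (assumed)


def hotp(key: bytes, counter: int, digits: int = DIGITS, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, digits: int = DIGITS, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter T = floor(unix_time / step)."""
    return hotp(key, unix_time // step, digits)


def build_sso_url(portal_host: str, username: str, key: bytes, now: int) -> str:
    """What the authenticator app does for a bookmark: generate a fresh passcode
    and hand the browser a URL carrying user name and passcode (shape from the text)."""
    query = urlencode({"j_username": username, "j_passcode": totp(key, now)})
    return f"https://{portal_host}/irj/portal?{query}"


class PasscodeVerifier:
    """Server side: look up the user's secret, accept the current or an adjacent
    time step (clock skew), and reject any (user, step) that was already used."""

    def __init__(self, secrets: dict, window: int = 1, step: int = STEP_SECONDS):
        self.secrets = secrets      # username -> shared secret bytes
        self.window = window
        self.step = step
        self._used = set()          # (username, counter) replay cache

    def verify(self, username: str, passcode: str, now: int) -> bool:
        key = self.secrets.get(username)
        if key is None or not passcode.isdigit():
            return False
        counter = now // self.step
        for candidate in range(counter - self.window, counter + self.window + 1):
            # constant-time compare so the check leaks nothing about a partial match
            if hmac.compare_digest(hotp(key, candidate), passcode):
                if (username, candidate) in self._used:
                    return False    # replay of an already-consumed code
                self._used.add((username, candidate))
                return True
        return False

    def verify_url(self, url: str, now: int) -> bool:
        """Extract j_username / j_passcode from the hand-off URL and verify them."""
        params = parse_qs(urlparse(url).query)
        user = params.get("j_username", [""])[0]
        code = params.get("j_passcode", [""])[0]
        return self.verify(user, code, now)


# Constructed demo secret: the ASCII key "12345678901234567890" used by the RFC 6238 test vectors.
DEMO_KEY = b"12345678901234567890"

if __name__ == "__main__":
    now = int(time.time())
    url = build_sso_url("portal_host", "alice", DEMO_KEY, now)
    verifier = PasscodeVerifier({"alice": DEMO_KEY})
    print(url)
    print("first use:", verifier.verify_url(url, now))   # True
    print("replay   :", verifier.verify_url(url, now))   # False, code already consumed
```

The generator is checked against the published RFC 6238 vectors (time 59 gives 94287082 with eight digits), and the verifier demonstrates the two properties the hand-off depends on: a code from the neighbouring time step is still accepted, but the same code presented twice, or a code from minutes away, is refused.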

Significant performance increase on all major platforms
• RSA, AES, SHA-2
• Perfect forward secrecy for TLS
• Ephemeral key agreement
• Elliptic Curve Diffie-Hellman key exchange
• Elliptic curves P-224, P-256, P-384, P-521
• TLS 1.2 cipher suites in Galois/Counter Mode (GCM)
• New command "sapgenpse tlsinfo" to help configure the cipher-suite profile parameters for TLS

------------------------------------------------------------

I hope this is of help to your company's enterprise IT architecture and management. Other articles you might be interested in:
Introduction to Software Project Risk Management
Introduction to Enterprise Project Management
Intelligent Enterprise and Informatization, Part 1
On the Basic Qualities of Entrepreneurs
Methods and Practice of Quality Assurance for Agile Software
Building Efficient R&D and Automated Operations and Maintenance
Introduction to IT Operations and Maintenance Monitoring Solutions
Quality Management of IT Continuous Integration
Talent, Company Environment and Corporate Culture
The Balanced Scorecard in Enterprise Performance Management Systems
Corporate Culture, Team Culture and Knowledge Sharing
High-Performance Team Building
Food Chain Company IT Informatization Solution, Part 1

If you want to know more about software development, system and IT integration, enterprise informatization, project management, business management and related topics, please follow my WeChat subscription account:


Petter Liu
Source: http://www.cnblogs.com/wintersun/
This article is copyrighted by the author and cnblogs (Blog Park). Reprinting is welcome, but without the author's consent this paragraph must be retained and the original link must appear in an obvious place on the article page; otherwise the author reserves the right to pursue legal liability.
This article was also published on my independent blog, Petter Liu's blog.
